Very Good Security
VGS processes billions of sensitive data records, and its data under management has grown more than 10x year-over-year. Companies ranging from the Fortune 100 to innovators like Brex, Deserve, Doordash, Fast, and Mercury increasingly leverage the VGS platform to facilitate the secure exchange of their sensitive data while retaining ownership and control over sensitive data and transferring data custodianship to VGS. The Zero Data��������� approach eliminates the need for companies to store sensitive data witlatory compliance and certifications, including PCI-DSS and SOC 2. For example, banking-as-a-service Unit Finance uses VGS to expedite connectivity to payments networks while offloading PCI-DSS complexity.
- This is a remote position that is available in any timezone of the country listed on our careers page.
Your Impact And Why VGS Needs You
This role is on the Application Security Team, which builds programs that contribute to securing our products and services.
In This Role You Will
- Triage and prioritize application security vulnerabilities. Work with Engineering to schedule mitigations.
- Track bug bounty spends and MTTM (mean time to mitigation) of security vulnerabilities.
- Develop internal AppSec review processes.
- Build and conduct secure coding training for all developers.
- Mentor and train security champions throughout Engineering.
- Implement automated, proactive security measures (e.g., SAST/DAST).
- Develop Secure SDLC process and communicate process to Engineering.
- Collaborate with external-facing security communications team when possible/feasible (e.g., blog posts, security vulnerability disclosures, etc.).
We Expect You To Have
- At least 3-5 years of direct experience either working on or leading an application security team.
- Experience conducting internal application security reviews.
- Experience with vulnerability disclosure programs.
- Experience with building/measuring metrics and KPIs to track security mitigations.
- Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, GitLab, etc).
- Experience developing and communicating Secure SDLC processes.
- Experience working with SAST/DAST and related tools (e.g., Synopsys, Veracode, GitLab Secure, GitHub Advanced Security, etc.).
- Experience with threat modeling methodologies (e.g., STRIDE).
- Experience with Java and Python secure coding assessments.
Even Better If You Know a Bit About
- Experience with cloud-native pre-IPO startup companies.
- Experience with AWS security services and tooling.
What You Get From Us
- Competitive health benefits including medical, dental, & vision insurance
- 401k plan with company match and immediate vesting
- Flexible time off
- VGS stock options
What���������s Unique About VGS
- We���������re a quickly scaling company with a startup mindset.
- We love to empower our people to take ownership! You���������ll find you are given the freedom and will own the responsibility to be successful here.
- We���������re creating a remote-first philosophy. You���������ll have a strong impact on a new cultural shift within the company.
a remote first philosophy. We are actively hiring for fully remote positions, so you can work from the comfort of your own workspace! Learn more about how Very Good Security is embracing a remote work culture in our blog: Read here
At Very Good Security we value great talent. Striving to provide the best experience for our candidates VGS appreciates your candidacy. We consider applicants without regards to race, color, national origin, sex, age, religion, sexual orientation, gender identity, veteran status, marital status, physical or mental disability, or other protected classes under all local, state, and federal laws and ordinances (AA/EOE/W/M/Vet/Disabled). Qualified applicants with arrest and conviction records will be considered for the position in accordance with the San Francisco Fair Chance Ordinance.
To apply for this job please visit boards.greenhouse.io.